Court Breach Leads Roundup

In this week's roundup, a breach of the Washington state court system public website may have exposed 160,000 Social Security numbers and 1 million driver's license numbers. Also, Presbyterian Anesthesia Associates in Charlotte, N.C., reports a data breach that may have compromised the credit card information of 10,000 patients.

Hackers Breach Washington State Court Website

So far, the court has confirmed that the hackers actually obtained 94 Social Security numbers, according to a news release.

A Reuters report says hackers exploited a portion of a commercial software product to gain access to information.

Names and Social Security numbers may have been exposed for anyone booked into a city or county jail within the state of Washington between September 2011 and December 2012, the court reports

Those whose driver's license numbers and names may have been compromised include anyone who received a DUI citation in Washington State between 1989 through 2011; anyone who had a traffic case in Washington State filed or resolved in a district or municipal court between 2011 through 2012; and anyone who had a superior court criminal case in Washington State that was filed against them or resolved between 2011 through 2012.

Washington State Consolidated Technology Services and the Multi-State Information Sharing & Analysis Center are assisting in the court's investigation, the news release said.

Patients' Credit Card Info Accessed

The medical practice disclosed in a press release that a hacker exploited a security flaw on the organization's website and gained access to a database that contained names, contact information, dates of birth, e-mail addresses, phone numbers, credit card numbers, expiration dates and security codes.

Presbyterian Anesthesia is providing individuals with free credit monitoring services, according to the release. The practice is also working to build a more secure website, and it's contracting with an IT security firm to audit its operations.

Stolen Laptop Contains Patient Info

On April 10, the Lafayette, Ind.-based unit of the university's health system learned that the device was stolen the previous day from an employee's car, according to an online news release. The organization has notified the White County Sheriff's Office about the incident.

E-mails stored on the laptop's hard drive may have contained patient names, dates of birth, physicians' names, medical record numbers, diagnoses and dates of services, the news release says.

Patient Data Exposed in E-mail Error

The Regional Medical Center in Memphis, Tenn., is notifying an undisclosed number of patients that their information may have been exposed in three separate e-mail incidents.

The medical center on March 15 discovered that three e-mails including personal information of some outpatient physical therapy patients were transmitted on Oct. 29, 2012, Nov. 1, 2012 and Feb. 4, according to a notice issued on the organization's website.

Information in the e-mails includes patient name, patient account number, date of birth, Social Security number, home phone number and type/reason for physical therapy services.

Local CBS affiliate WREG reports that approximately 1,200 patients were affected.

Although the medical center has not received any indication that any patient's information has been inappropriately used or disclosed, it's offering one year of free credit monitoring for affected patients.

About the Author

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.